How to block a domain?

dwilko

Hi All,

Where is the correct place to block a domain from sending emails to my server?

I have tried adding "domain.com" to /etc/virtual/blacklist_domains and "*@domain.com" to /etc/virtual/blacklist_senders, but they are still sending mail to my server.

Running Block Cracking, Easy Spam Fighter and Spam Blocker 4.6

Code:
# exim --version
Exim version 4.91 #4 built 21-Apr-2018 09:19:53
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR SPF TCP_Fast_Open Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
2019-02-15 10:33:09 cwd=/etc/virtual 2 args: exim --version
Configuration file is /etc/exim.conf

Thanks

David
 
I had the same issue. Depends on if it's in the "from" section or in mail or in the header as the domain connecting to your server.
If you want to block some domain which connects to your server, try using the /etc/virtual/bad_sender_host or /etc/virtual_bad_sender_ip file.
 
I'm looking to block the from domain.

From the headers I can see they are using G Suite, so I can't really block the whole of Google.
 
In that case the blacklist_domains should work.

This is what I got as a reply from a ticket I wrote once to support:
blacklist_domains is for domains in mailbox names, and bad_sender_hosts is for blacklisting servers.

So in your case you should add *@domain.com and just to be sure *@*.domain.com to the /etc/blacklist_domains file.

If that is not working I suggest sending in a ticket to DA. You can also place the log of a connection here. Keep at least in there the full data from the spammer. You can mask your own ip and hostname if you want.

I presume you also restarted Exim after making the changes.
 
Seems to be something wrong in the exim config. Even after a fresh ./build exim_config

This section doesn't seem to be applying correctly.

Code:
#EDIT#39:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_DOMAIN
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
       sender_domains = +blacklist_domains

I did some testing and I added the following afterwards and it does block from the blacklist_domains file.

Code:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_DOMAIN
       sender_domains = +blacklist_domains
 
I don't see any difference between the first quote of #Edit#39 and the line you put behind it.

In both cases the line:
Code:
sender_domains = +blacklist_domains
is exactly the same. So what did you change then? Only added an extra "deny message" statement?

Which version of exim.conf are you using, some version 4.6?
I'm using Version 4.5.12, but this has the same Edit #39 as far as I can see.

Edit: You might consider going back to 4.5.12 because I just read 4.6 is a testing release.
 
Added it as an extra deny just after the Edit 39 one.

Code:
eximconf_release=4.5
 
So you have 2 exactly the same lines? Odd.

Ehmz... no I asked you which version exim.conf you had. You can only see this in the /etc/exim.conf file itself, on top. It should read version 4.5.12.

If you have this, and you have to add this extra line so it exists there twice, it would be a good thing to send in a support ticket so this can be fixed if this is an exim.conf issue.
 
Yes, I know. But that is for 1 domain only on user level.

We were talking about server-wide blocks. ;)
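
Added example, not part of the thread and not DirectAdmin's code: a small Python model of how Exim evaluates the Edit #39 statement quoted above. In an Exim ACL statement every condition must match before the verb applies, so Edit #39 denies a blacklisted sender only when the recipient domain is also in use_rbl_domains and the connecting host is in neither skip list, while the bare deny has no such preconditions. The list contents and addresses are constructed, list matching is simplified to exact membership, and whether this is what happened on the poster's server is an assumption.

```python
# Toy model (added example) of how Exim evaluates one ACL statement:
# conditions are tested top to bottom, and the verb applies only if ALL match.
# List contents below are constructed sample data, not taken from the thread.

LISTS = {
    "use_rbl_domains": {"example.org"},      # recipient domains opted in to RBL checks
    "skip_rbl_domains": set(),
    "skip_rbl_hosts": set(),
    "skip_rbl_hosts_ip": {"192.0.2.10"},
    "blacklist_domains": {"domain.com"},
}

def in_list(spec, value):
    """Match value against a colon-separated list of (negated) named lists."""
    items = [i.strip() for i in spec.split(":")]
    for item in items:
        negated = item.startswith("!")
        name = item.lstrip("!").lstrip("+")
        if value in LISTS[name]:
            return not negated               # the first matching item decides
    # Nothing matched: the result is "yes" only if the last item was negated.
    return items[-1].startswith("!")

# Which message attribute each condition tests in the RCPT ACL.
FIELD = {"domains": "rcpt_domain", "hosts": "client_ip",
         "sender_domains": "sender_domain"}

EDIT_39 = [
    ("domains", "+use_rbl_domains"),
    ("domains", "!+skip_rbl_domains"),
    ("hosts", "!+skip_rbl_hosts : !+skip_rbl_hosts_ip"),
    ("sender_domains", "+blacklist_domains"),
]
BARE_DENY = [("sender_domains", "+blacklist_domains")]

def evaluate(statement, msg):
    """Return ('deny', None) or ('pass', first condition that did not match)."""
    for cond, spec in statement:
        if not in_list(spec, msg[FIELD[cond]]):
            return "pass", f"{cond} = {spec}"
    return "deny", None

if __name__ == "__main__":
    msg = {"sender_domain": "domain.com", "rcpt_domain": "example.net",
           "client_ip": "198.51.100.7"}
    print("Edit #39 :", evaluate(EDIT_39, msg))
    print("bare deny:", evaluate(BARE_DENY, msg))
```

On a live server the same question can be answered with a fake SMTP session (`exim -bh <ip>`), which prints each ACL condition as it is tested.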
 